Keeping compliant with data protection laws, such as the GDPR, PCI DSS, or information security standards like ISO 27001, requires not only securing data effectively, but also deleting the data when you no longer have a legitimate purpose to store it. With Unified Call Recording from Dubber, you can ensure that recorded calls comply with data retention periods, and are secured effectively. The latest update to be released to the Dubber platform includes the option to set a retention period for recordings, allowing companies to comply with data protection legislation more easily.
Why do I need data retention periods?
The retention period is the length of time you store customer and supplier records for business or compliance purposes before the data is deleted. Erasign data after it is no longer required is important as it reduces the risk of keeping unnecessary, inaccurate, or out of date information.
While the General Data Protection Regulation (GDPR) doesn’t set out any specific minimum or maximum periods for keeping customer and supplier data, it does state that you must keep data no longer than is necessary for the purpose you obtained it for.
If you process debit or credit card information, you may be subject to the Payment Card Industry Data Security Standard (PCI DSS).
Similarly, if you intend to comply with ISO 27001, the international standard that describes best practice for information security, you must take note of its requirements. These compliance requirements will dictate what information must be included in your information security policy and the rules you should follow. A simple data retention policy will address: the types of information the policy covers, how long you are entitled to keep the information, and what you should do with data when you no longer have a legitimate purpose to store it.
What are data retention best practices?
You must not keep personal data for longer than necessary
You need to be able to justify how long you store personal data. This will depend on why you are storing the data
You should have a data retention policy that sets standard retention periods, in order to comply with documentation requirements
You should periodically review the data you hold, and delete or anonymize it when no longer required
In some jurisdictions, individuals have a right to erasure and you should be ready to delete data on request
Personal data should only be retained for longer periods if it is for public interest archiving, scientific or historical research, or statistical purposes
How do I set a data retention period?
Data protection regulations around the world require enterprises to ensure that personal data from their consumers is deleted after a specified period. These requirements will vary by region and industry. With retention periods, businesses can customise their plan so that recordings are deleted according to their exact compliance needs. Retention periods can be altered as required so that organisations can adapt to changing regulations.
While your voice data is stored within the Dubber platform, you can be sure that the security measures will protect against any data breaches. The platform offers a level of encryption and reliability not seen in on-premise storage, with significantly reduced risk of damage, theft, or tampering. Alternative approaches to call recording such as in-app recording means a lack of control over who has recorded calls, where they are stored, and who has access to the voice data. Enterprises must ensure that their information security policy protects against this kind of risky behaviour.
What about complying with financial services regulations?
Legislation such as MiFID II in the EU requires financial services organisations to record calls containing financial advice, but these must be deleted after 5 or 7 years, depending on the country. With the new retention periods feature, financial institutions can set a maximum length of time for recorded calls to be stored within the Dubber platform. Once this period has been reached, these recordings and their associated AI data will automatically be deleted.
Do I need a special plan?
Retention periods are available as standard on our Call Dub and Dubber AI plans, at no additional cost, and are enabled as default within account settings. These services are both all inclusive, with a full range of recording features and unlimited storage, retention and minutes per month: ensuring no worries about running out of space. Dubber AI comes with added voice AI functionality, including transcription, sentiment and tone analysis, and customisable automated alerts.
To find out more about how Dubber’s Unified Call Recording is helping businesses meet their compliance requirements, click here to chat to one of our team.